Wireless communication devices, such as smart phones, have traditionally been configured to utilize Universal Integrated Circuit Cards (UICCs) that provide access to wireless network services. A UICC typically takes the form of a small removable card (e.g., a Subscriber Identity Module (SIM) card) that is inserted into a wireless communication device. In most cases, each UICC is associated with a single “Issuer”—such as a mobile network operator—that controls the programming and distribution of the UICC.
In more recent implementations, non-removable UICCs—referred to herein as embedded UICCs (eUICCs)—are being included on system boards of wireless communication devices. These eUICCs are distinct from the traditional removable UICCs in that the eUICCs are non-removable and soldered to the system boards of wireless communication devices. An eUICC can be programmed with one or more eSIMs, each of which can emulate and replicate the architecture of a typical SIM so as to enable a wireless communication device (that includes the eUICC) to access wireless network services.
The use of eUICCs and eSIMs can offer significant advantages over traditional UICCs. For example, eUICCs can provide wireless communication device manufacturers with increased flexibility in wireless communication device design due to the lack of a requirement to accommodate the size and form factor of a removable SIM card. As a further example, the ability to remotely provision (e.g., over-the-air) eSIMs can provide convenience for consumers and vendors when configuring a wireless communication device to access a mobile network operator's network.
Existing approaches for provisioning eSIMs—such as those specified by the GlobalPlatform™ Specification—involve encrypting the eSIMs using symmetric keys and transmitting the eSIMs from a provisioning entity to eUICCs of wireless communication devices. Specifically, each eUICC is associated with and stores a symmetric key, and the provisioning entity stores, for each eUICC known to the provisioning entity, a copy of the eUICC's symmetric key. In this manner, when the provisioning entity is tasked with delivering an eSIM to an eUICC, the provisioning entity can use the eUICC's symmetric key to securely encrypt and transmit the eSIM to the eUICC, whereupon the eUICC can decrypt and utilize the eSIM. By design, this symmetric key is shared by and known only to the provisioning entity and the eUICC in order to prevent malicious entities from intercepting, decrypting, and exploiting eSIM transmissions. Unfortunately, security flaws associated with this design continue to be problematic, and the overall level of exposure is increasing as the scale and complexity of wireless systems grow. As such, there exists a need for solutions that provide for increased security for communication channels established between an eUICC and external “off-card” entities.